Comments (4)
HoustonPutman
commented on June 24, 2024
1
Thanks for helping solve this @dan-niles !
from solr-operator.
dan-niles
commented on June 24, 2024
@sgauchan88 The password in your security.json should be a sha256(password+salt) hash. You can try using this online encryption tool to generate a password.
I tested out the security.json given below and it worked for me. I added some other endpoints in the permissions list and set the blockUnknown option as false.
If you really want to secure all your endpoints (Including the probes) you can set probesRequireAuth:true in the security config and use the following security.json to setup Solr. After the setup you can use the Solr UI or the Authorization API to update the permission for the probes.
{
"authentication": {
"blockUnknown": false,
"class": "solr.BasicAuthPlugin",
"credentials": {
"sandip": "kOPO6E/MScdL8KTc9nmFey0/JpJwZGRdo0RJQO+O4+w= ZnNibnR0Z2NzeG4wN2Jt"
},
"realm": "Solr Basic Auth",
"forwardCredentials": false
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"user-role": {
"sandip": ["admin"]
},
"permissions": [
{
"name": "k8s-probe-0",
"role": null,
"collection": null,
"path": "/admin/info/health"
},
{
"name": "k8s-probe-1",
"role": null,
"collection": null,
"path": "/admin/info/system"
},
{
"name": "k8s-status",
"role": "admin",
"collection": null,
"path": "/admin/collections"
},
{
"name": "k8s-metrics",
"role": "admin",
"collection": null,
"path": "/admin/metrics"
},
{
"name": "k8s-zk",
"role": "admin",
"collection": null,
"path": "/admin/zookeeper/status"
},
{
"name": "k8s-ping",
"role": "admin",
"collection": "*",
"path": "/admin/ping"
},
{
"name": "read",
"role": ["admin"]
},
{
"name": "update",
"role": ["admin"]
},
{
"name": "security-read",
"role": ["admin"]
},
{
"name": "security-edit",
"role": ["admin"]
},
{
"name": "all",
"role": ["admin"]
}
]
}
}from solr-operator.
sgauchan88
commented on June 24, 2024
@dan-niles thanks. this worked for me. is it necessary to create 2 secrets for solr authentication or it would work only with one secret.
from solr-operator.
dan-niles
commented on June 24, 2024
@sgauchan88 Yes, I think both secrets are required initially.
- The
user-provided-secretcredential you created, is required by the Solr Operator to check Solr status, ZK status and metrics. - The
solr-basic-authyou created holds the custom security.json that needs to be bootstrapped by the operator.
Once you have successfully setup authentication on Solr and verified everything is working correctly, I think you can safely delete the solr-basic-auth secret. But the user-provided-secret secret is still required.
from solr-operator.
Related Issues (20)
- Operator never deletes ingress or per-node services
- Improve documentation for additional volumes HOT 1
- Resources limits and requests configuration not set on SolrCloud pod HOT 1
- Add the ability to add Environment variables as a configmap HOT 1
- Not create the StatefulSets when add the custom security.json in helm HOT 4
- Missing permission for "/admin/info/system" endpoint in security.json template in the SolrCloud CRD documentation
- Shards in a down state after an HPA scale up / scale down event. HOT 2
- User helm chart 0.8.0 with default values thorw the error in ValidationError(SolrCloud.spec): unknown field "scaling" in org.apache.solr.v1beta1.SolrCloud.spec HOT 1
- gen-pkcs12-keystore init container fails if the tls secret contains no ca.crt HOT 1
- Support running the solr operator on ARM nodes HOT 4
- Solr Backup recurrence/schedule not enabled by helm 0.7.1 HOT 1
- Actual running pod counts are different from the HPA-allocated HOT 1
- Add useful Operator metrics
- Support replicaPlacementFactory in solr.xml HOT 2
- Liveness probe failing for Prometheus Exporter connected to a large SolrCloud
- Disabling PodDisruptionBudgets for both zk pods and solr pods HOT 3
- adding automountServiceAccountToken HOT 1
- Replica allocation after Node is DisabledScheduling HOT 1
- zkHost and zkServer generated incorrectly - helm templates HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from solr-operator.